Status
Current state: ["Under Discussion"]
Discussion thread: here [Change the link from the KIP proposal email archive to your own email thread]
JIRA: here [Change the link from KAFKA-1 to your own ticket]
Please keep the discussion on the mailing list rather than commenting on the wiki (wiki discussions get unwieldy fast).
Motivation
KIP-48 added support for a delegation-token-based authentication mechanism and already implemented the protocol requests and responses for the delegation token operations.
This KIP is about adding these delegation token operations to the new Admin Client API.
Public Interfaces
The following new methods will be added to the AdminClient API:
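/**
 * Delegation token operations proposed for the Admin Client API.
 *
 * <p>Only the members added by this proposal are shown. Each operation has a
 * convenience overload that uses default options and an abstract overload that
 * takes an explicit options object.
 *
 * <p>The original one-line listing let each {@code //} comment swallow the
 * declarations after it and left the convenience overloads without bodies. Here
 * they delegate to the abstract overload with a default-constructed options
 * object.
 *
 * <p>NOTE(review): under KIP-48 the token HMAC is presumably the value a client
 * presents when authenticating with the token. Callers should treat the
 * {@code hmac} arguments as credentials and keep them out of logs and exception
 * messages. Confirm against KIP-48.
 */
public abstract class AdminClient {

    /**
     * Creates a delegation token using default options.
     *
     * @return the result wrapping a future that yields the new token
     */
    public CreateDelegationTokenResult createDelegationToken() {
        return createDelegationToken(new CreateDelegationTokenOptions());
    }

    /**
     * Creates a delegation token.
     *
     * @param options renewers and maximum lifetime to request for the token
     * @return the result wrapping a future that yields the new token
     */
    public abstract CreateDelegationTokenResult createDelegationToken(CreateDelegationTokenOptions options);

    /**
     * Renews a delegation token using default options.
     *
     * @param hmac HMAC of the token to renew
     * @return the result wrapping a future that yields the expiry timestamp
     */
    public RenewDelegationTokenResult renewDelegationToken(ByteBuffer hmac) {
        return renewDelegationToken(hmac, new RenewDelegationTokenOptions());
    }

    /**
     * Renews a delegation token.
     *
     * @param hmac HMAC of the token to renew
     * @param options renewal period to request
     * @return the result wrapping a future that yields the expiry timestamp
     */
    public abstract RenewDelegationTokenResult renewDelegationToken(ByteBuffer hmac, RenewDelegationTokenOptions options);

    /**
     * Expires a delegation token using default options.
     *
     * @param hmac HMAC of the token to expire
     * @return the result wrapping a future that yields the expiry timestamp
     */
    public ExpireDelegationTokenResult expireDelegationToken(ByteBuffer hmac) {
        return expireDelegationToken(hmac, new ExpireDelegationTokenOptions());
    }

    /**
     * Expires a delegation token.
     *
     * @param hmac HMAC of the token to expire
     * @param options expiry period to request
     * @return the result wrapping a future that yields the expiry timestamp
     */
    public abstract ExpireDelegationTokenResult expireDelegationToken(ByteBuffer hmac, ExpireDelegationTokenOptions options);

    /**
     * Describes delegation tokens using default options (no owner list set).
     *
     * @return the result wrapping a future that yields the list of tokens
     */
    public DescribeDelegationTokenResult describeDelegationToken() {
        return describeDelegationToken(new DescribeDelegationTokenOptions());
    }

    /**
     * Describes delegation tokens.
     *
     * @param options optional list of token owners to describe
     * @return the result wrapping a future that yields the list of tokens
     */
    public abstract DescribeDelegationTokenResult describeDelegationToken(DescribeDelegationTokenOptions options);
}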
Proposed Changes
The following classes will be added.
CreateDelegationTokenResult, CreateDelegationTokenOptions
RenewDelegationTokenResult, RenewDelegationTokenOptions
ExpireDelegationTokenResult, ExpireDelegationTokenOptions
DescribeDelegationTokenResult, DescribeDelegationTokenOptions
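/**
 * Result of a create-delegation-token call; wraps the future that completes with the token.
 */
public class CreateDelegationTokenResult {
    private final KafkaFuture<DelegationToken> delegationToken;

    CreateDelegationTokenResult(KafkaFuture<DelegationToken> delegationToken) {
        this.delegationToken = delegationToken;
    }

    /**
     * Returns a future which yields a delegation token.
     *
     * <p>NOTE(review): the yielded token presumably carries the HMAC used to
     * authenticate (KIP-48). Treat it as a credential and avoid logging it.
     */
    public KafkaFuture<DelegationToken> delegationToken() {
        return delegationToken;
    }
}

/**
 * Options for creating a delegation token: the principals allowed to renew it and
 * the maximum lifetime to request.
 */
public class CreateDelegationTokenOptions extends AbstractOptions<CreateDelegationTokenOptions> {
    // -1 is the "not set" default; presumably the broker then applies its own
    // configured maximum lifetime. Confirm against KIP-48.
    private long maxLifeTimeMs = -1;
    private List<KafkaPrincipal> renewers = new LinkedList<>();

    /**
     * Sets the renewers for the token.
     *
     * <p>The list is copied, so later changes to the caller's list cannot silently
     * alter the set of renewers that is eventually sent. A {@code null} argument
     * is treated as "no renewers".
     *
     * @param renewers principals to register as renewers; may be {@code null}
     * @return this options object, for chaining
     */
    public CreateDelegationTokenOptions renewers(List<KafkaPrincipal> renewers) {
        if (renewers == null) {
            this.renewers = new LinkedList<>();
        } else {
            this.renewers = new LinkedList<>(renewers);
        }
        return this;
    }

    /** Returns the renewers configured on this options object (never {@code null}). */
    public List<KafkaPrincipal> renewers() {
        return renewers;
    }

    /**
     * Sets the maximum lifetime to request for the token, in milliseconds.
     *
     * @return this options object, for chaining
     */
    public CreateDelegationTokenOptions maxlifeTimeMs(long maxLifeTimeMs) {
        this.maxLifeTimeMs = maxLifeTimeMs;
        return this;
    }

    /** Returns the requested maximum lifetime in milliseconds, or -1 if not set. */
    public long maxlifeTimeMs() {
        return maxLifeTimeMs;
    }
}

/**
 * Result of a renew-delegation-token call; wraps the future that completes with the expiry timestamp.
 */
public class RenewDelegationTokenResult {
    private final KafkaFuture<Long> expiryTimestamp;

    RenewDelegationTokenResult(KafkaFuture<Long> expiryTimestamp) {
        this.expiryTimestamp = expiryTimestamp;
    }

    /**
     * Returns a future which yields expiry timestamp
     */
    public KafkaFuture<Long> expiryTimestamp() {
        return expiryTimestamp;
    }
}

/**
 * Options for renewing a delegation token.
 */
public class RenewDelegationTokenOptions extends AbstractOptions<RenewDelegationTokenOptions> {
    // -1 is the "not set" default; presumably the broker picks the renewal
    // period in that case. Confirm against KIP-48.
    private long renewTimePeriodMs = -1;

    /**
     * Sets the renewal period to request, in milliseconds.
     *
     * @return this options object, for chaining
     */
    public RenewDelegationTokenOptions renewTimePeriodMs(long renewTimePeriodMs) {
        this.renewTimePeriodMs = renewTimePeriodMs;
        return this;
    }

    /** Returns the requested renewal period in milliseconds, or -1 if not set. */
    public long renewTimePeriodMs() {
        return renewTimePeriodMs;
    }
}

/**
 * Result of an expire-delegation-token call; wraps the future that completes with the expiry timestamp.
 */
public class ExpireDelegationTokenResult {
    private final KafkaFuture<Long> expiryTimestamp;

    ExpireDelegationTokenResult(KafkaFuture<Long> expiryTimestamp) {
        this.expiryTimestamp = expiryTimestamp;
    }

    /**
     * Returns a future which yields expiry timestamp
     */
    public KafkaFuture<Long> expiryTimestamp() {
        return expiryTimestamp;
    }
}

/**
 * Options for expiring a delegation token.
 */
public class ExpireDelegationTokenOptions extends AbstractOptions<ExpireDelegationTokenOptions> {
    // -1 is the default. NOTE(review): how the broker interprets a negative
    // period is not shown here; confirm against KIP-48 before relying on it.
    private long expiryTimePeriodMs = -1;

    /**
     * Sets the expiry period to request, in milliseconds.
     *
     * @return this options object, for chaining
     */
    public ExpireDelegationTokenOptions expiryTimePeriodMs(long expiryTimePeriodMs) {
        this.expiryTimePeriodMs = expiryTimePeriodMs;
        return this;
    }

    /** Returns the requested expiry period in milliseconds (-1 by default). */
    public long expiryTimePeriodMs() {
        return expiryTimePeriodMs;
    }
}

/**
 * Result of a describe-delegation-token call; wraps the future that completes with the token list.
 */
public class DescribeDelegationTokenResult {
    private final KafkaFuture<List<DelegationToken>> delegationTokens;

    DescribeDelegationTokenResult(KafkaFuture<List<DelegationToken>> delegationTokens) {
        this.delegationTokens = delegationTokens;
    }

    /**
     * Returns a future which yields list of delegation tokens.
     *
     * <p>NOTE(review): if the yielded tokens include their HMACs, the list is
     * credential material and should not be logged. Confirm what the describe
     * response carries.
     */
    public KafkaFuture<List<DelegationToken>> delegationTokens() {
        return delegationTokens;
    }
}

/**
 * Options for describing delegation tokens.
 */
public class DescribeDelegationTokenOptions extends AbstractOptions<DescribeDelegationTokenOptions> {
    // null by default. NOTE(review): presumably null means "no owner filter";
    // confirm which tokens the broker returns in that case.
    private List<KafkaPrincipal> owners;

    /**
     * Sets the owners whose tokens should be described.
     *
     * <p>A non-null list is copied so later changes to the caller's list do not
     * change the request. {@code null} is kept as-is because it is the unset default.
     *
     * @param owners token owners to describe; may be {@code null}
     * @return this options object, for chaining
     */
    public DescribeDelegationTokenOptions owners(List<KafkaPrincipal> owners) {
        this.owners = owners == null ? null : new LinkedList<>(owners);
        return this;
    }

    /** Returns the configured owners, or {@code null} if none were set. */
    public List<KafkaPrincipal> owners() {
        return owners;
    }
}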
Compatibility, Deprecation, and Migration Plan
This is a new API and won't directly affect existing users.
Rejected Alternatives